
[LONG] Re: LDAP Server backups



mike.mazzolini@bankofamerica.com wrote:
> All,
>         I am currently using the command line utility ldbmcat in order to
> generate a nightly version of my LDAP directory to an LDIF file for backup
> purposes.  It is working every night but doesn't seem to dump the entire
> LDAP directory for some reason.  I didn't realize this until one day I lost
> my LDAP server and needed to reimport the LDIF file.

My backup schemes:
1 master server, 2 public "slaves", one private slave. All Redhat Linux,
various versions. The slaves all have backup scripts, as well as being 
"live" backups of the master. (Can you tell I once lost data and went down for
4 hours on a 20,000 user system? :-) )

Crontab on primary server:
------------
# 1:27 am daily LDIF backup
27 1 * * * root /usr/local/bin/ldap_backup daily > /dev/null 2>&1
# 3:32 am weekly LDIF backup (see other servers)
32 3 * * 0 root /usr/local/bin/ldap_backup weekly > /dev/null 2>&1
# 2:32 am monthly LDIF backup (see other servers)
32 2 15 * * root /usr/local/bin/ldap_backup monthly > /dev/null 2>&1
-------------

Crontab on "private slave" server:
-------------
# 1:02 am daily LDIF backup
02 1 * * * root /usr/local/bin/ldap_backup daily > /dev/null 2>&1
# 3:32 am weekly LDIF backup (see other servers)
32 3 * * 2 root /usr/local/bin/ldap_backup weekly > /dev/null 2>&1
# 2:32 am monthly LDIF backup (see other servers)
32 2 20 * * root /usr/local/bin/ldap_backup monthly > /dev/null 2>&1
--------------

Note that the different backups are offset from each other, which allows
me to maintain highest availability, as well as provide for a series
of different backups should any one (or two!) servers die or corrupt their
datafiles. I also use different database types... just in case. ;-)

My actual "ldap_backup" scripts are as follows, basically variants
on /etc/rc scripts.
On RedHat 7.0:
--------------
#!/bin/sh
#
# ldap  This shell script takes care of starting and stopping
#       ldap servers (slapd and slurpd) and generating backups
#
# chkconfig: - 39 61
# description: LDAP stands for Lightweight Directory Access Protocol, used \
#              for implementing the industry standard directory services.
# processname: slapd
# config: /etc/openldap/slapd.conf
# pidfile: /var/run/slapd.pid

# Source function library.
. /etc/init.d/functions

slapd=/usr/sbin/slapd
slurpd=/usr/sbin/slurpd
[ -x ${slapd} ] || exit 0
[ -x ${slurpd} ] || exit 0

RETVAL=0

LDAPFILES=/var/lib/ldap
start() {
        # Start daemons.
        echo -n "Starting slapd:"
        daemon ${slapd}
        RETVAL=$?
        echo
        if [ $RETVAL -eq 0 ]; then
            if grep -q "^replogfile" /etc/openldap/slapd.conf; then
                echo -n "Starting slurpd:"
                daemon ${slurpd}
                RETVAL=$?
                echo
            fi
        fi
        [ $RETVAL -eq 0 ] && touch /var/lock/subsys/ldap
        return $RETVAL
}

stop() {
        # Stop daemons.
        echo -n "Shutting down ldap: "
        killproc ${slapd}
        RETVAL=$?
        if [ $RETVAL -eq 0 ]; then
            if grep -q "^replogfile" /etc/openldap/slapd.conf; then
                killproc ${slurpd}
                RETVAL=$?
            fi
        fi
        echo
        [ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/ldap /var/run/slapd.args
        return $RETVAL
}
# See how we were called.
case "$1" in
    daily)
        stop
        /usr/sbin/ldbmcat -n ${LDAPFILES}/id2entry.gdbm > ${LDAPFILES}/daily-ldif-backup
        start
        ;;
    weekly)
        stop
        /usr/sbin/ldbmcat -n ${LDAPFILES}/id2entry.gdbm > ${LDAPFILES}/weekly-ldif-backup
        start
        ;;
    monthly)
        stop
        /usr/sbin/ldbmcat -n ${LDAPFILES}/id2entry.gdbm > ${LDAPFILES}/monthly-ldif-backup
        start
        ;;
    *)
        echo "Usage: $0 {daily|weekly|monthly}"
        RETVAL=1
        ;;
esac

exit $RETVAL
-------------------------------------------
This one uses some RedHat 7 init.d functions, and gdbm.

My Redhat 6.2 box:
-------------------------------
#!/bin/sh
#
# ldap  This shell script takes care of starting and stopping
#       ldap servers (slapd and slurpd).
#
# chkconfig: - 39 61
# description: LDAP stands for Lightweight Directory Access Protocol, used \
#              for implementing the industry standard directory services.
# processname: slapd
# config: /etc/openldap/slapd.conf
# pidfile: /var/run/slapd.pid

# Source function library.
. /etc/rc.d/init.d/functions

[ -f /usr/sbin/slapd ] || exit 0
[ -f /usr/sbin/slurpd ] || exit 0

LDAPFILES=/var/lib/ldap

RETVAL=0
start() {
        # Start daemons.
        echo -n "Starting ldap: "
        daemon slapd
        RETVAL=$?
        if [ $RETVAL -eq 0 ]; then
            if grep -q "^replogfile" /etc/openldap/slapd.conf; then
                daemon slurpd
                RETVAL=$?
                [ $RETVAL -eq 0 ] && pidof slurpd | cut -f 1 -d " " > /var/run/slurpd
            fi
        fi
        echo
        [ $RETVAL -eq 0 ] && touch /var/lock/subsys/ldap
}

stop() {
        # Stop daemons.
        echo -n "Shutting down ldap: "
        killproc slapd
        RETVAL=$?
        if [ $RETVAL -eq 0 ]; then
            if grep -q "^replogfile" /etc/openldap/slapd.conf; then
                killproc slurpd
                RETVAL=$?
            fi
        fi
        echo
        if [ $RETVAL -eq 0 ]; then
            rm -f /var/lock/subsys/ldap
            rm -f /var/run/slapd.args
        fi
}
case "$1" in
    daily)
        stop
        /usr/sbin/ldbmcat -n ${LDAPFILES}/id2entry.dbb > ${LDAPFILES}/daily-ldif-backup
        start
        ;;
    weekly)
        stop
        /usr/sbin/ldbmcat -n ${LDAPFILES}/id2entry.dbb > ${LDAPFILES}/weekly-ldif-backup
        start
        ;;
    monthly)
        stop
        /usr/sbin/ldbmcat -n ${LDAPFILES}/id2entry.dbb > ${LDAPFILES}/monthly-ldif-backup
        start
        ;;
    *)
        echo "Usage: $0 {daily|weekly|monthly}"
        RETVAL=1
        ;;
esac

exit $RETVAL
----------------------------------------------

HTH,
-Ronabop

--2D426F70|759328624|00101101010000100110111101110000
Personal:  ron@opus1.com, 520-326-6109, http://www.opus1.com/ron/
Work: rchmara@pnsinc.com, 520-546-8993, http://www.pnsinc.com/
The opinions expressed in this email are not necessarily those of myself,
my employers, or any of the other little voices in my head.
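
Added example, not part of the original message: the scripts above redirect `ldbmcat` straight over the previous backup, so a failed or partial dump silently replaces a good one. The sketch below writes the dump to a private temporary file and installs it only if the command succeeded and the entry count has not collapsed. The function names and the 90% threshold are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Function names and the
# 90% threshold are assumptions chosen for illustration.

# Count entries in an LDIF file. Every entry starts with a "dn:" line
# ("dn::" when the DN is base64-encoded). An unreadable file counts as 0.
ldif_entry_count() {
    [ -r "$1" ] || { echo 0; return 0; }
    grep -c -i '^dn:' "$1" || true
}

# install_backup NEW DEST [MIN_PERCENT]
# Accept NEW only if it is non-empty and holds at least MIN_PERCENT
# (default 90) of the entries found in the existing DEST. On rejection
# DEST is left untouched and 1 is returned.
install_backup() {
    new=$1; dest=$2; min_pct=${3:-90}
    new_n=$(ldif_entry_count "$new")
    old_n=$(ldif_entry_count "$dest")
    if [ "$new_n" -eq 0 ]; then
        echo "rejected: $new contains no entries" >&2
        return 1
    fi
    # Integer form of new_n / old_n >= min_pct / 100
    if [ $((new_n * 100)) -lt $((old_n * min_pct)) ]; then
        echo "rejected: $new_n entries, previous backup had $old_n" >&2
        return 1
    fi
    chmod 600 "$new"        # the dump can carry userPassword values
    mv -f "$new" "$dest"    # rename within one directory replaces DEST atomically
}

# dump_to DEST CMD [ARGS...]
# Run the dump command into a temporary file beside DEST (created with
# umask 077), then hand it to install_backup. The temporary file is
# removed if the command fails or the dump is rejected.
dump_to() {
    dest=$1; shift
    tmp="$dest.new.$$"
    ( umask 077; "$@" > "$tmp" ) || { rm -f "$tmp"; return 1; }
    install_backup "$tmp" "$dest" || { rm -f "$tmp"; return 1; }
}
```

In the `daily` branch above, the redirect would become `dump_to ${LDAPFILES}/daily-ldif-backup /usr/sbin/ldbmcat -n ${LDAPFILES}/id2entry.gdbm`, with the script's exit status reflecting a rejected dump.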